CherryPy - Deployment Of Application

This chapter will focus more on CherryPy-based application SSL enabled through the built-in CherryPy HTTP server.

Configuration

There are different levels of configuration settings required in a web application −

• Web server − Settings linked to the HTTP server

• Engine − Settings associated with the hosting of engine

• Application − Application which is used by the user

Deployment

Deployment of CherryPy application is considered to be quite an easy method where all the required packages are available from the Python system path. In shared web-hosted environment, web server will reside in the front end which allows the host provider to perform the filtering actions. The front-end server can be Apache or lighttpd.

This section will present a few solutions to run a CherryPy application behind the Apache and lighttpd web servers.

cherrypy
def setup_app():

class Root:
@cherrypy.expose
def index(self):
   # Return the hostname used by CherryPy and the remote
   # caller IP address
	
return "Hello there %s from IP: %s " %
(cherrypy.request.base, cherrypy.request.remote.ip)
cherrypy.config.update({'server.socket_port': 9091,
   'environment': 'production',
   'log.screen': False,
   'show_tracebacks': False})
	
cherrypy.tree.mount(Root())
if __name__ == '__main__':

setup_app()
cherrypy.server.quickstart()
cherrypy.engine.start()

SSL

SSL (Secure Sockets Layer) can be supported in CherryPy-based applications. To enable SSL support, the following requirements must be met −

• Have the PyOpenSSL package installed in user’s environment
• Have an SSL certificate and private key on the server

Creating a Certificate and a Private Key

Let's deal with the requirements of certificate and the private key −

• First the user needs a private key −

openssl genrsa -out server.key 2048

• This key is not protected by a password and therefore has a weak protection.
• The following command will be issued −

openssl genrsa -des3 -out server.key 2048

• The program will require a passphrase. If your version of OpenSSL allows you to provide an empty string, do so. Otherwise, enter a default passphrase and then remove it from the generated key as follows −

openssl rsa -in server.key -out server.key

• Creation of the certificate is as follows −

openssl req -new -key server.key -out server.csr

• This process will request you to input some details. To do so, the following command must be issued −

openssl x509 -req -days 60 -in server.csr -signkey
server.key -out server.crt

• The newly signed certificate will be valid for 60 days.

The following code shows its implementation −

import cherrypy
import os, os.path

localDir = os.path.abspath(os.path.dirname(__file__))
CA = os.path.join(localDir, 'server.crt')
KEY = os.path.join(localDir, 'server.key')
def setup_server():

class Root:
@cherrypy.expose
def index(self):
   return "Hello there!"
	
cherrypy.tree.mount(Root())
if __name__ == '__main__':

setup_server()
cherrypy.config.update({'server.socket_port': 8443,
   'environment': 'production',
   'log.screen': True,
   'server.ssl_certificate': CA,
   'server.ssl_private_key': KEY})
	
cherrypy.server.quickstart()
cherrypy.engine.start()

The next step is to start the server; if you are successful, you would see the following message on your screen −

HTTP Serving HTTPS on https://localhost:8443/